CVE-2023-39914

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-39914

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39914.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39914

Aliases

Related

UBUNTU-CVE-2023-39914

Published

2023-09-13T15:15:07Z

Modified

2024-09-18T03:25:05.051601Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

References

Affected packages

Debian:12 / rust-bcder

Package

Name: rust-bcder
Purl: pkg:deb/debian/rust-bcder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.1-1

0.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-bcder

Package

Name: rust-bcder
Purl: pkg:deb/debian/rust-bcder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.3-1

Affected versions

0.*

0.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}